CVE-2018-5379 - The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain f

CVE-2018-5379

Summary

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

References

Vulnerable Configurations

cpe:2.3:a:quagga:quagga:-:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:-:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.20:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.20:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.20.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.20.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.21:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.21:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22:-:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22:-:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22:rc1:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22:rc1:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.22.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.23:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.23:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.23.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.23.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.24:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.24:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.24.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.24.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.0.20160309:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.0.20160309:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.0.20160315:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.0.20160315:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.0.20161017:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.0.20161017:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:1.2.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 09-10-2019 - 23:41)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1542985
title	CVE-2018-5379 quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment quagga is earlier than 0:0.99.22.4-5.el7_4
oval oval:com.redhat.rhsa:tst:20180377001
comment quagga is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100945002

AND

comment quagga-contrib is earlier than 0:0.99.22.4-5.el7_4
oval oval:com.redhat.rhsa:tst:20180377003
comment quagga-contrib is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100945004

AND

comment quagga-devel is earlier than 0:0.99.22.4-5.el7_4
oval oval:com.redhat.rhsa:tst:20180377005
comment quagga-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100945006

rhsa

id	RHSA-2018:0377
released	2018-02-28
severity	Important
title	RHSA-2018:0377: quagga security update (Important)

rpms

quagga-0:0.99.22.4-5.el7_4
quagga-contrib-0:0.99.22.4-5.el7_4
quagga-debuginfo-0:0.99.22.4-5.el7_4
quagga-devel-0:0.99.22.4-5.el7_4

refmap via4

bid	103105
cert-vn	VU#940439
confirm	http://savannah.nongnu.org/forum/forum.php?forum_id=9095 https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt
debian	DSA-4115
gentoo	GLSA-201804-17
mlist	[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update
ubuntu	USN-3573-1

Last major update

09-10-2019 - 23:41

Published

19-02-2018 - 13:29

Last modified

09-10-2019 - 23:41